Snort mailing list archives

Blocking based on snort alerts.


From: fatema bannatwala <fatema.bannatwala () gmail com>
Date: Thu, 5 Jan 2017 08:19:55 -0500

Hi,

Just wanted to ask if anyone is blocking IPs that are triggering specific
snort alerts.
We are blocking IPs based on the triggering of some snort alerts that we think
are legit and do not trigger on false positives.
The reason I ask is that in the past we had a good amount of snort alerts that were
set to block the IPs that were triggering those alerts, but it turned out that
we were blocking some legit IPs from accessing the network because of false
positives that were triggering those snort alerts.
Hence, if anyone would like to share the sids they are using to take direct
actions like blocking at the border when those sids get triggered, please do.

Appreciate any comments/suggestions.

Thanks,
Fatema.